gafgyt | 796d0c06dc401fca01097051da8e9d07579db8c4026e3faf03bfe28649bf37ec | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4f92f04e3b623a2dd56944605fb40db0
Size

168KB
Sample

231219-2695bsbfbk
MD5

4f92f04e3b623a2dd56944605fb40db0
SHA1

2be1ead38cce3747366418541aee729f58503b40
SHA256

796d0c06dc401fca01097051da8e9d07579db8c4026e3faf03bfe28649bf37ec
SHA512

c1b06834c7c26a8a57f4449464043d6c753e7aaf9b5f171970fa24e494aaff4cd7dd0a44a03708f18271ae063bbaeffafcc50d9f701a3b157ae582dbc076aac5
SSDEEP

3072:d7SAiZMtxyoOUQwpGiPaISujLGOr63lB8WetJ8add9QzhsENPm72VzmyUQ0LKX2q:nGYaJueh3lHetJ8addQPNPm6zmyUQ0Ly

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

104.248.132.154:666

Targets

- Target
  
  4f92f04e3b623a2dd56944605fb40db0
- Size
  
  168KB
- MD5
  
  4f92f04e3b623a2dd56944605fb40db0
- SHA1
  
  2be1ead38cce3747366418541aee729f58503b40
- SHA256
  
  796d0c06dc401fca01097051da8e9d07579db8c4026e3faf03bfe28649bf37ec
- SHA512
  
  c1b06834c7c26a8a57f4449464043d6c753e7aaf9b5f171970fa24e494aaff4cd7dd0a44a03708f18271ae063bbaeffafcc50d9f701a3b157ae582dbc076aac5
- SSDEEP
  
  3072:d7SAiZMtxyoOUQwpGiPaISujLGOr63lB8WetJ8add9QzhsENPm72VzmyUQ0LKX2q:nGYaJueh3lHetJ8addQPNPm6zmyUQ0Ly
Score

7^/10
- Changes its process name
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1